<?php

require("abifunktsioonid.php");

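// Controller part of the admin page: authenticate the visitor first, and only
// then run the add / delete / edit actions and load the goods list for the
// template below.
//
// The original order ran the actions and the database query BEFORE the login
// check, so any visitor could add, change or delete goods without a session.
// The gate now comes first and every branch that sends a redirect also exits.

// NOTE(review): the admin credential is a plaintext default value stored in
// the source file. Replace it with a password_hash() digest loaded from
// configuration outside the web root and check it with password_verify().
// The values are left untouched here because changing them changes who can
// log in to an existing deployment.
$adminuser = "admin";
$adminpass = "password";


/**
 * Print the stand-alone login form and end the request.
 *
 * The form posts back to the URL that was requested, so the visitor lands on
 * the same page after a successful login.
 *
 * @param bool $error true to show "Wrong credentials!" instead of the title
 * @return void this function never returns; it calls exit
 */
function loginpage($error) {
	echo "<html>\n<head>\n<title>Admin panel - Please login</title>\n";
	echo "</head>\n<body>\n";
	echo "<table style='width:100%;height:100%;'>\n<tr>\n<td align='center'>\n";
	// REQUEST_URI is attacker-influenced text; it must be HTML-escaped before
	// it is placed in the single-quoted action attribute (reflected XSS).
	$action = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
	echo "<form action='" . $action . "' method='post'>\n";
	echo "<table border='1' width='300' cellspacing='0' cellpadding='4'><tr>\n";
	$formtitle = $error ? "Wrong credentials!" : "Admin panel - Please login";
	echo "<th colspan='2'>" . $formtitle . "</th>\n";
	echo "</tr><tr>\n";
	echo "<td><p><b><label for='username'>Username:</label></b></p></td>\n";
	echo "<td><input type='text' name='username' id='username' size='30'></td>\n";
	echo "</tr><tr>\n";
	echo "<td><p><b><label for='password'>Password:</label></b></p></td>\n";
	echo "<td><input type='password' name='password' id='password' size='30'></td>\n";
	echo "</tr><tr>\n";
	echo "<td><b>Login:</b></td>\n";
	echo "<td><input type='submit' value=' Login &raquo; ' name='login'></td></tr></table></form>\n";
	echo "</td>\n</tr>\n</table>\n</body>\n</html>";
	exit;
}

// Form fields may be missing or arrive as arrays (username[]=...); anything
// that is not a plain string is treated as empty so hash_equals() below
// always receives strings.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$login    = isset($_POST['login']) ? $_POST['login'] : null;

// Refuse session ids the server did not issue and keep the session cookie
// away from page scripts. The Secure flag is not forced here because the
// page does not show whether the site is served over HTTPS.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
session_start();

if ((isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '') === "logout") {
	unset($_SESSION['authuser']);
	// SCRIPT_NAME instead of PHP_SELF: PHP_SELF also carries the
	// client-supplied path info that follows the script name.
	header("Location: " . $_SERVER['SCRIPT_NAME']);
	exit;
}

$authenticated = isset($_SESSION['authuser']) && $_SESSION['authuser'] === $adminuser;
if (!$authenticated) {
	if (!$login) {
		loginpage(false); // exits
	}
	// Constant-time, type-strict comparison; both checks are evaluated so the
	// response time does not depend on which of the two fields was wrong.
	// NOTE(review): there is no limit on failed attempts in this file.
	$userOk = hash_equals($adminuser, $username);
	$passOk = hash_equals($adminpass, $password);
	if (!($userOk && $passOk)) {
		loginpage(true); // exits
	}
	// New session id on privilege change, so an id known before the login
	// cannot be reused afterwards (session fixation).
	session_regenerate_id(true);
	$_SESSION['authuser'] = $adminuser;
	header("Location: " . $_SERVER['REQUEST_URI']);
	exit; // the original fell through and rendered the page after the redirect
}
// From here on the request belongs to the logged-in admin. The session is not
// needed any more, so release its lock.
session_write_close();

// NOTE(review): the actions below are still accepted from $_REQUEST, i.e. from
// GET as well as POST, and carry no anti-CSRF token. Closing that gap needs a
// token field in the forms together with a POST-only check here; it is not
// done in this block alone because the forms would stop working without it.
//
// The helper functions come from abifunktsioonid.php, which is not visible
// here. The text fields (names, price, group id) are passed through as
// received and rely on those helpers using parameterised queries - verify.

if (isset($_REQUEST["grupilisamine"])) {
	lisaGrupp($_REQUEST["uuegrupinimi"]);
	header("Location: admin.php");
	exit();
}

if (isset($_REQUEST["kaubalisamine"])) {
	lisaKaup($_REQUEST["nimetus"], $_REQUEST["kaubagrupi_id"], $_REQUEST["hind"]);
	header("Location: admin.php");
	exit();
}

// Row ids are compared with intval() in the template, so they are taken to be
// non-negative integers (assumption - confirm against the table definition).
// Anything else, including array input, is ignored instead of being handed to
// the helper.
if (isset($_REQUEST["kustutusid"])
	&& is_string($_REQUEST["kustutusid"])
	&& ctype_digit($_REQUEST["kustutusid"])) {
	kustutaKaup((int) $_REQUEST["kustutusid"]);
}

if (isset($_REQUEST["muutmine"])
	&& isset($_REQUEST["muudetudid"])
	&& is_string($_REQUEST["muudetudid"])
	&& ctype_digit($_REQUEST["muudetudid"])) {
	muudaKaup(
		(int) $_REQUEST["muudetudid"],
		$_REQUEST["nimetus"],
		$_REQUEST["kaubagrupi_id"],
		$_REQUEST["hind"]
	);
}

// Goods list for the table in the template; loaded only for the admin.
$kaup = kysiKaupadeAndmed();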
?>
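<?php
// View part of the admin page: a form for adding goods and groups, and the
// goods table with one optional inline edit row.
//
// Every value taken from the database is HTML-escaped before it is printed.
// The original echoed names, group names and prices raw, so markup stored in
// a product name would have been rendered in the admin's browser.
$esc = function ($value) {
	// The cast keeps null and numeric columns from tripping htmlspecialchars().
	return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

// Id of the row to show in edit mode, or null when none was requested.
// Computed once instead of on every loop iteration.
$muudetavId = isset($_REQUEST["muutmisid"]) ? intval($_REQUEST["muutmisid"]) : null;

// looRippMenyy() is defined in abifunktsioonid.php and is echoed as-is below;
// it presumably returns ready-made select markup, so the group names must be
// escaped inside that helper - verify.
?>
<!DOCTYPE html>
<html>
  <head>
    <title>Sisselogimisega seotu</title>
  </head>
  <body>
    <?php /* POST keeps the submitted values out of URLs, history and access logs. */ ?>
    <form action="admin.php" method="post">
      <h2>Kauba lisamine</h2>
      <dl>
        <dt>Nimetus:</dt>
        <dd><input type="text" name="nimetus" /></dd>
        <dt>Kaubagrupp:</dt>
        <dd><?php
          echo looRippMenyy("SELECT id, grupinimi FROM kaubagrupid", "kaubagrupi_id");
        ?></dd>
        <dt>Hind:</dt>
        <dd><input type="text" name="hind" /></dd>
      </dl>
      <input type="submit" name="kaubalisamine" value="Lisa kaup" />

      <h2>Grupi lisamine</h2>
      <input type="text" name="uuegrupinimi" />
      <input type="submit" name="grupilisamine" value="Lisa grupp" />
    </form>

    <form action="admin.php" method="post">
      <h2>Kaupade loetelu</h2>
      <table>
        <tr>
          <th>Haldus</th>
          <th>Nimetus</th>
          <th>Kaubagrupp</th>
          <th>Hind</th>
        </tr>
<?php /* The loop variable has its own name; the original reused $kaup and
         overwrote the list while iterating over it. */ ?>
<?php foreach ($kaup as $rida): ?>
        <tr>
<?php if ($muudetavId !== null && $muudetavId == $rida->id): ?>
          <td>
            <input type="submit" name="muutmine" value="Muuda" />
            <input type="submit" name="katkestus" value="Katkesta" />
            <input type="hidden" name="muudetudid" value="<?= $esc($rida->id) ?>" />
          </td>
          <td><input type="text" name="nimetus" value="<?= $esc($rida->nimetus) ?>" /></td>
          <td><?php
            echo looRippMenyy("SELECT id, grupinimi FROM kaubagrupid",
                "kaubagrupi_id", $rida->kaubagrupi_id);
          ?></td>
          <td><input type="text" name="hind" value="<?= $esc($rida->hind) ?>" /></td>
<?php else: ?>
          <td>
            <?php /* NOTE(review): deletion is still a plain GET link guarded only
                     by a client-side confirm(). It should become a POST action
                     with an anti-CSRF token once the request handling at the top
                     of this file verifies one. */ ?>
            <a href="admin.php?kustutusid=<?= $esc(urlencode((string) $rida->id)) ?>"
               onclick="return confirm('Kas ikka soovid kustutada?')">x</a>
            <a href="admin.php?muutmisid=<?= $esc(urlencode((string) $rida->id)) ?>">m</a>
          </td>
          <td><?= $esc($rida->nimetus) ?></td>
          <td><?= $esc($rida->grupinimi) ?></td>
          <td><?= $esc($rida->hind) ?></td>
<?php endif ?>
        </tr>
<?php endforeach; ?>
      </table>
    </form>
  </body>
</html>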